About this Course
This course is conducted via SGS Singapore. All instruction and examinations are in English.
ISO/IEC 27001 is an information security management system (ISMS) standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its full name is ISO/IEC 27001 – Information technology – Security techniques – Information security management systems – Requirements. ISO/IEC 27001 formally specifies a management system that is intended to bring information security under explicit management control. Being a formal specification means that it mandates specific requirements. Organizations that claim to have adopted ISO/IEC 27001 can therefore be formally audited and certified compliant with the standard.
THE STANDARD CONTAINS 11 DOMAINS (APART FROM INTRODUCTORY SECTIONS)
- Security policy - management direction
- Organization of information security - governance of information security
- Asset management - inventory and classification of information assets
- Human resources security - security aspects for employees joining, moving and leaving an organization
- Physical and environmental security - protection of the computer facilities
- Communications and operations management - management of technical security controls in systems and networks
- Access control - restriction of access rights to networks, systems, applications, functions and data
- Information systems acquisition, development and maintenance - building security into applications
- Information security incident management - anticipating and responding appropriately to information security breaches
- Business continuity management - protecting, maintaining and recovering business-critical processes and systems
- Compliance - ensuring conformance with information security policies, standards, laws and regulations
ISO/IEC 27001 REQUIRES THAT MANAGEMENT:
- Systematically examine the organization's information security risks, taking account of the threats, vulnerabilities, and impacts;
- Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
- Adopt an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis.
THE KEY BENEFITS OF 27001 ARE:
- It can act as an extension of the current quality system to include security
- It provides an opportunity to identify and manage risks to key information and systems assets
- Provides confidence and assurance to trading partners and clients; acts as a marketing tool
- Allows independent review of, and assurance on, your information security practices
A company may want to adopt ISO 27001 for the following reasons:
- It is suitable for protecting critical and sensitive information
- It provides a holistic, risk-based approach to secure information and compliance
- Demonstrates credibility, trust, satisfaction and confidence with stakeholders, partners, citizens and customers
- Demonstrates security status according to internationally accepted criteria
- Creates a market differentiation due to prestige, image and external goodwill
- If a company is certified once, it is accepted globally.
Course Info
- Course Provider: KBA TRAINING CENTRE PTE. LTD.
- Course Category: Technology
- Course Price: $2500